43b8773fc837b9094c95c8d6b7d05cdec764fb7898beeb75cb450e7db9470874

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
18/08/2024, 23:36

Target

a8b023dddc737c57d00288685a5f4d41_JaffaCakes118.exe
Size

1.8MB
MD5

a8b023dddc737c57d00288685a5f4d41
SHA1

834d5a09d688b5995690313ac47bd5dc2572e405
SHA256

43b8773fc837b9094c95c8d6b7d05cdec764fb7898beeb75cb450e7db9470874
SHA512

416e83c0acc2602921df4c5840aaf8d46ce9296ca7c6c43d33256842f04fa82d3ae524f9307d4048a9ad69e6bd627d330a3993828f55e0176a2eb8753b08e6e9
SSDEEP

49152:JNLqomc/tBbR+/6+ldb5fpd06bh5ISCIuTPCuV8FAu9:JbmApM97BD0

Score

3^/10

discovery

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

System Language Discovery

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a8b023dddc737c57d00288685a5f4d41_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2120	a8b023dddc737c57d00288685a5f4d41_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/2120-0-0x0000000010900000-0x0000000010C75000-memory.dmp

Filesize
3.5MB

Download
memory/2120-1-0x0000000077040000-0x0000000077041000-memory.dmp

Filesize
4KB

Download
memory/2120-7-0x00000000763D0000-0x00000000763D1000-memory.dmp

Filesize
4KB

Download
memory/2120-3-0x0000000077040000-0x0000000077041000-memory.dmp

Filesize
4KB

Download
memory/2120-9-0x0000000010900000-0x0000000010C75000-memory.dmp

Filesize
3.5MB

Download
memory/2120-12-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2120-11-0x0000000077040000-0x0000000077041000-memory.dmp

Filesize
4KB

Download
memory/2120-10-0x00000000002C0000-0x00000000002F5000-memory.dmp

Filesize
212KB

Download
memory/2120-13-0x00000000763D0000-0x00000000763D1000-memory.dmp

Filesize
4KB

Download
memory/2120-14-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2120-15-0x0000000010900000-0x0000000010C75000-memory.dmp

Filesize
3.5MB

Download
memory/2120-16-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download